VirusAdware/WSearch
Analysis
- Downloads a file from the URL http://pi{REMOVED}ou.com/ and saves it to the Temporary folder as PigUp.exe.
- Creates the following registry entries:
HKEY_CURRENT_USER\Software\MSWord\Search
HKEY_CURRENT_USER\Software\PigUp
Autostart Mechanism
- Creates the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
PigUpdate = "[Adware Path and Filename]"
Recommended Action
-
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extreme | |
| FortiClient | |
| Extended | |
| FortiMail | |
| Extended | |
| FortiSandbox | |
| Extended | |
| FortiWeb | |
| Extended | |
| Web Application Firewall | |
| Extended | |
| FortiIsolator | |
| Extended | |
| FortiDeceptor | |
| Extended | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2021-11-16 | 89.06923 | |
| 2021-09-02 | 88.00828 | |
| 2021-06-01 | 86.00601 | |
| 2021-03-20 | 84.00856 | |
| 2021-01-26 | 83.57800 | Sig Updated |
| 2020-11-05 | 81.62100 | Sig Updated |
| 2020-10-06 | 80.89700 | Sig Updated |
| 2020-09-08 | 80.22400 | Sig Updated |
| 2020-09-01 | 80.05600 | Sig Updated |
| 2020-08-13 | 79.60100 | Sig Updated |